Lines Matching full:certificate
156 # cert_in_cb - Whether to include a peer certificate dump in events
158 # its certificate chain are included in EAP peer certificate events. This is
501 # ca_cert: CA certificate for Interworking network selection
503 # client_cert: File path to client certificate file (PEM/DER)
505 # where client certificate/private key is used for authentication
518 # commented out. Both the private key and certificate will be read
526 # Windows certificate store can be used by leaving client_cert out and
536 # certificate store (My user account) is used, whereas computer store
626 # ocsp: Whether to use/require OCSP to check server certificate
627 # 0 = do not use OCSP stapling (TLS certificate status extension)
631 # certificates in the server certificate chain
962 # TLS = EAP-TLS (client and server certificate)
984 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
986 # included, server certificate will not be verified. This is insecure and
987 # a trusted CA certificate should always be configured when using
992 # certificate (SHA-256 hash of the DER encoded X.509 certificate). In
993 # this case, the possible CA certificates in the server certificate chain
994 # are ignored and only the server certificate is verified. This is
1001 # certificate store by setting this to cert_store://<name>, e.g.,
1004 # certificate store (My user account) is used, whereas computer store
1006 # ca_path: Directory path for CA certificate files (PEM). This path may
1012 # client_cert: File path to client certificate file (PEM/DER)
1019 # commented out. Both the private key and certificate will be read from
1022 # Windows certificate store can be used by leaving client_cert out and
1028 # certificate store (My user account) is used, whereas computer store
1043 # authentication server certificate. If this string is set, the server
1044 # certificate is only accepted if it contains this string in the subject.
1052 # the alternative subject name of the authentication server certificate.
1053 # If this string is set, the server certificate is only accepted if it
1060 # used as a suffix match requirement for the AAA server certificate in
1067 # domain_suffix_match shall be included in the certificate. The
1068 # certificate may include additional sub-level labels in addition to the
1075 # server certificate in SubjectAltName dNSName element(s). If a
1129 # tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
1132 # tls_disable_time_checks=1 - ignore certificate validity time (this requests
1148 # tls_ext_cert_check=0 - No external server certificate validation (default)
1149 # tls_ext_cert_check=1 - External server certificate validation enabled; this
1150 # requires an external program doing validation of server certificate
1155 # Following certificate/private key fields are used in inner Phase2
1157 # ca_cert2: File path to CA certificate file. This file can have one or more
1159 # server certificate will not be verified. This is insecure and a trusted
1160 # CA certificate should always be configured.
1161 # ca_path2: Directory path for CA certificate files (PEM)
1162 # client_cert2: File path to client certificate file
1167 # authentication server certificate. See subject_match for more details.
1170 # certificate. See altsubject_match documentation for more details.
1181 # ocsp: Whether to use/require OCSP to check server certificate
1182 # 0 = do not use OCSP stapling (TLS certificate status extension)
1186 # certificates in the server certificate chain
1433 # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
1653 # Certificate and/or key identified by PKCS#11 URI (RFC7512)
1662 # Example configuration showing how to use an inlined blob as a CA certificate
